<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<meta name="robots" content="index,nofollow">

<title>DisarmSchema - CSIRT Wiki</title>


</head>
<body>

<h2>DiSARM GUI Schema Information</h2>

<p>Column layout of each data source as shown in the DiSARM GUI. Points to keep in mind when correlating across sources: the IP address columns are <code>bigint</code> in every table, i.e. an integer encoding, and a 64-bit column cannot hold a 128-bit IPv6 address, so treat them as IPv4-only unless the loader is confirmed to do otherwise; <code>protocol</code> is <code>int</code> in most tables but <code>varchar(10)</code> in TippingPoint, and <code>severity</code> is <code>int</code> in EMAAD but <code>varchar(10)</code> in TippingPoint, so joins on those columns need a mapping step; the <code>datetime</code> columns carry no time zone, so confirm each feed's offset before comparing timestamps; and the Nethead <code>payload</code>, R3000 <code>url</code> and ProofPoint e-mail address columns hold captured content and personal data, so access to those tables should be restricted accordingly.</p>

  
	<table><tbody><tr>
	<td align="left" valign="top">
	<h3>Nethead</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>Source IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>Source Port</td><td>srcport</td><td>int</td></tr>
	<tr><td>Source Packets</td><td>srcpkts</td><td>bigint</td></tr>
	<tr><td>Source Bytes</td><td>srcbytes</td><td>bigint</td></tr>
	<tr><td>Destination IP</td><td>dstip</td><td>bigint</td></tr>
	<tr><td>Destination Port</td><td>dstport</td><td>int</td></tr>
	<tr><td>Destination Packets</td><td>dstpkts</td><td>bigint</td></tr>
	<tr><td>Destination Bytes</td><td>dstbytes</td><td>bigint</td></tr>
	<tr><td>Protocol</td><td>protocol</td><td>int</td></tr>
	<tr><td>End Timestamp</td><td>endts</td><td>datetime</td></tr>
	<tr><td>Payload</td><td>payload</td><td>blob</td></tr>	
	</tbody></table>
	</td>
	
	<td align="left" valign="top">
	<h3>LFAP</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>Source IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>Source Port</td><td>srcport</td><td>int</td></tr>
	<tr><td>Destination IP</td><td>dstip</td><td>bigint</td></tr>
	<tr><td>Destination Port</td><td>dstport</td><td>int</td></tr>
	<tr><td>Packets</td><td>pkts</td><td>bigint</td></tr>
	<tr><td>Bytes</td><td>bytes</td><td>bigint</td></tr>
	<tr><td>Protocol</td><td>protocol</td><td>int</td></tr>
	<tr><td>End Timestamp</td><td>endts</td><td>datetime</td></tr>
	<tr><td>Router IP</td><td>router</td><td>bigint</td></tr>	
	</tbody></table>
	</td>
	
	<td align="left" valign="top">
	<h3>R3000</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>Source IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>Category</td><td>category</td><td>varchar(20)</td></tr>
	<tr><td>URL</td><td>url</td><td>blob</td></tr>
	</tbody></table>
	</td>
	</tr>

	<tr>	

	<td align="left" valign="top">
	<h3>Snort</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>Source IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>Source Port</td><td>srcport</td><td>int</td></tr>
	<tr><td>Destination IP</td><td>dstip</td><td>bigint</td></tr>
	<tr><td>Destination Port</td><td>dstport</td><td>int</td></tr>
	<tr><td>Protocol</td><td>protocol</td><td>int</td></tr>
	<tr><td>Description</td><td>description</td><td>varchar(100)</td></tr>	
	</tbody></table>
	</td>
	
	
	
	<td align="left" valign="top">
	<h3>EMAAD</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>Source IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>Severity</td><td>severity</td><td>int</td></tr>
	<tr><td>Count</td><td>count</td><td>int</td></tr>
	<tr><td>Average</td><td>average</td><td>float</td></tr>
	<tr><td>Standard Deviation</td><td>stddev</td><td>float</td></tr>
	</tbody></table>
	</td>
	
	
	<td align="left" valign="top">
	<h3>TippingPoint</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>Source IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>Source Port</td><td>srcport</td><td>int</td></tr>
	<tr><td>Destination IP</td><td>dstip</td><td>bigint</td></tr>
	<tr><td>Destination Port</td><td>dstport</td><td>int</td></tr>
	<tr><td>Protocol</td><td>protocol</td><td>varchar(10)</td></tr>
	<tr><td>Severity</td><td>severity</td><td>varchar(10)</td></tr>
	<tr><td>Alert Type</td><td>alerttype</td><td>varchar(50)</td></tr>
	<tr><td>Action</td><td>action</td><td>varchar(50)</td></tr>	
	</tbody></table>
	</td>
	</tr>
	
<tr>
	
	<td align="left" valign="top">
	<h3>Grok</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>End Timestamp</td><td>endts</td><td>datetime</td></tr>
	<tr><td>Source IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>Source Port</td><td>srcport</td><td>int</td></tr>
	<tr><td>Source Packets</td><td>srcpkts</td><td>bigint</td></tr>
	<tr><td>Source Bytes</td><td>srcbytes</td><td>bigint</td></tr>
	<tr><td>Source Face</td><td>srcface</td><td>varchar(10)</td></tr>
	<tr><td>Source TTL</td><td>srcttl</td><td>int</td></tr>
	<tr><td>Source Flags</td><td>srcflags</td><td>varchar(10)</td></tr>
	<tr><td>Destination IP</td><td>dstip</td><td>bigint</td></tr>
	<tr><td>Destination Port</td><td>dstport</td><td>int</td></tr>
	<tr><td>Destination Packets</td><td>dstpkts</td><td>bigint</td></tr>
	<tr><td>Destination Bytes</td><td>dstbytes</td><td>bigint</td></tr>
	<tr><td>Destination Face</td><td>dstface</td><td>varchar(10)</td></tr>
	<tr><td>Destination TTL</td><td>dstttl</td><td>int</td></tr>
	<tr><td>Destination Flags</td><td>dstflags</td><td>varchar(10)</td></tr>
	<tr><td>Protocol</td><td>protocol</td><td>int</td></tr>
	</tbody></table>
	</td>
	
	
	<td align="left" valign="top">
	<h3>ProofPoint</h3>
	<table border="1">
	<thead>
	<tr><th scope="col">Field</th><th scope="col">Column Name</th><th scope="col">Type</th></tr>
	</thead>
	<tbody>
	<tr><td>Start Timestamp</td><td>startts</td><td>datetime</td></tr>
	<tr><td>Session ID</td><td>sessionid</td><td>bigint</td></tr>
	<tr><td>Src IP</td><td>srcip</td><td>bigint</td></tr>
	<tr><td>To Email</td><td>toemail</td><td>varchar(255)</td></tr>
	<tr><td>From Email</td><td>fromemail</td><td>varchar(255)</td></tr>
	<tr><td>Virus Name</td><td>virus</td><td>varchar(255)</td></tr>
	</tbody></table>
	</td>
	
	<td align="left" valign="top">
	
	</td>
	</tr>
	
	</tbody></table>



</body>
</html>

